Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/356e78-dcf8-4625-87ca-8688b1e53571/1/4inp3rmc8abBZrSpYG-9NzczLIs.roa
File:                     4inp3rmc8abBZrSpYG-9NzczLIs.roa (raw, json)
Hash identifier:          qFrZA2CrZBITypnTYdQbhEuRjClc/T+Pn0jtn1pc/ok=
Subject key identifier:   E2:29:E9:DE:B9:9C:F1:A6:C1:66:B4:A9:60:6F:BD:37:37:33:2C:8B
Certificate issuer:       /CN=2f8e5122569de52cd50aec793494bf1ce7c25fc8
Certificate serial:       01942444ADE88B52902EA5DE4FF51753F06C
Authority key identifier: 2F:8E:51:22:56:9D:E5:2C:D5:0A:EC:79:34:94:BF:1C:E7:C2:5F:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L45RIlad5SzVCux5NJS_HOfCX8g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/356e78-dcf8-4625-87ca-8688b1e53571/1/4inp3rmc8abBZrSpYG-9NzczLIs.roa
Signing time:             Wed 01 Jan 2025 23:47:48 +0000
ROA not before:           Wed 01 Jan 2025 23:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49336
IP address blocks:        193.26.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/356e78-dcf8-4625-87ca-8688b1e53571/1/L45RIlad5SzVCux5NJS_HOfCX8g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/356e78-dcf8-4625-87ca-8688b1e53571/1/L45RIlad5SzVCux5NJS_HOfCX8g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L45RIlad5SzVCux5NJS_HOfCX8g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 20:22:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ad:e8:8b:52:90:2e:a5:de:4f:f5:17:53:f0:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f8e5122569de52cd50aec793494bf1ce7c25fc8
        Validity
            Not Before: Jan  1 23:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e229e9deb99cf1a6c166b4a9606fbd3737332c8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:66:43:bb:77:8d:78:40:78:d8:f4:7b:8b:ee:
                    97:af:48:c6:25:8a:de:23:d6:e0:9a:a9:13:c8:a6:
                    d7:f8:11:38:4a:6d:a1:6a:ab:9a:d0:c0:c4:b0:28:
                    9d:0d:7a:e9:93:08:12:c6:ea:aa:62:31:78:79:5b:
                    c6:bd:e7:95:61:54:b2:4b:76:e6:87:20:bc:4a:cc:
                    22:b2:bb:e9:95:e0:ef:61:7a:27:bb:c7:d4:26:0a:
                    1f:d2:56:ef:85:41:df:b5:f8:fe:e8:58:14:54:5b:
                    a8:4b:e7:ea:ec:83:96:71:7f:30:75:c8:16:5a:2c:
                    79:0d:b5:37:f8:46:65:2b:10:4e:43:45:fb:e4:63:
                    89:bd:39:ab:0a:ae:cb:35:ef:ae:12:00:7a:eb:47:
                    13:f2:07:99:1d:10:58:d3:85:fb:05:6c:59:2d:76:
                    6f:d0:71:93:38:9a:80:cd:32:5d:56:63:67:a9:2f:
                    96:56:f2:ec:8b:0f:7b:86:60:51:a5:70:97:34:81:
                    ca:43:74:b1:2c:f7:14:4e:88:9e:7f:92:e8:8f:e3:
                    6a:c5:d7:8d:72:59:e7:3d:10:18:cb:f6:b0:5e:86:
                    8b:aa:cd:8d:57:02:a3:98:31:3b:7c:8f:08:b9:aa:
                    e1:89:28:48:2c:ef:ed:7b:72:52:75:05:5a:c2:47:
                    80:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:29:E9:DE:B9:9C:F1:A6:C1:66:B4:A9:60:6F:BD:37:37:33:2C:8B
            X509v3 Authority Key Identifier:
                keyid:2F:8E:51:22:56:9D:E5:2C:D5:0A:EC:79:34:94:BF:1C:E7:C2:5F:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L45RIlad5SzVCux5NJS_HOfCX8g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/356e78-dcf8-4625-87ca-8688b1e53571/1/4inp3rmc8abBZrSpYG-9NzczLIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/356e78-dcf8-4625-87ca-8688b1e53571/1/L45RIlad5SzVCux5NJS_HOfCX8g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:37:22:c0:14:5b:6b:79:dd:66:1f:a2:b5:10:dd:8a:f9:65:
         eb:4e:7d:0b:93:5a:b1:f4:6c:1e:4d:86:f3:bc:6d:6b:9f:70:
         12:7f:9e:4c:a7:2d:fb:63:99:0e:cc:b8:c7:21:d3:78:c6:0d:
         5d:98:40:e9:f1:b2:39:4e:bc:42:b3:c6:8c:78:e1:e4:fa:e4:
         6c:a7:b6:e6:33:65:cf:88:09:8f:ef:c0:d3:2f:6c:8c:06:87:
         10:a2:89:77:3e:f5:ac:cd:39:9d:04:2e:fd:0f:7e:fc:c0:f9:
         69:6c:12:8c:fd:b2:2a:f0:8d:3c:80:1e:c8:4f:92:31:30:6f:
         0c:3d:b3:9d:80:2a:49:85:54:57:a0:90:72:58:2a:7b:5d:d0:
         57:0f:05:b0:7d:e9:ab:4c:89:72:57:f7:a3:01:ba:6d:13:39:
         67:1d:f1:94:33:fd:6d:ac:dd:97:31:99:7b:4c:a4:ea:3d:36:
         0e:fc:ba:a9:ea:30:90:38:33:6a:fb:1b:4c:0b:96:01:5c:a2:
         47:71:1f:d9:be:22:d7:9f:55:f5:4c:6a:2c:4b:a5:2d:a6:88:
         e5:64:8d:d0:e7:c6:19:11:ff:04:a9:56:bf:50:06:3c:65:92:
         af:ff:85:8b:25:23:eb:d0:61:c1:d9:63:4e:26:bd:3f:88:79:
         1c:8d:f0:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRK3oi1KQLqXeT/UXU/BsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOGU1MTIyNTY5ZGU1MmNkNTBhZWM3OTM0OTRiZjFjZTdj
MjVmYzgwHhcNMjUwMTAxMjM0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjI5ZTlkZWI5OWNmMWE2YzE2NmI0YTk2MDZmYmQzNzM3MzMyYzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWZDu3eNeEB42PR7i+6Xr0jGJYre
I9bgmqkTyKbX+BE4Sm2haqua0MDEsCidDXrpkwgSxuqqYjF4eVvGveeVYVSyS3bm
hyC8SswisrvpleDvYXonu8fUJgof0lbvhUHftfj+6FgUVFuoS+fq7IOWcX8wdcgW
Wix5DbU3+EZlKxBOQ0X75GOJvTmrCq7LNe+uEgB660cT8geZHRBY04X7BWxZLXZv
0HGTOJqAzTJdVmNnqS+WVvLsiw97hmBRpXCXNIHKQ3SxLPcUToief5Loj+NqxdeN
clnnPRAYy/awXoaLqs2NVwKjmDE7fI8IuarhiShILO/te3JSdQVawkeAiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIp6d65nPGmwWa0qWBvvTc3MyyLMB8GA1UdIwQY
MBaAFC+OUSJWneUs1QrseTSUvxznwl/IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDQ1UklsYWQ1U3pWQ3V4NU5KU19IT2ZDWDhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zNTZlNzgtZGNmOC00NjI1LTg3Y2Et
ODY4OGIxZTUzNTcxLzEvNGlucDNybWM4YWJCWnJTcFlHLTlOemN6TElzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zNTZlNzgtZGNmOC00NjI1LTg3Y2EtODY4OGIxZTUzNTcx
LzEvTDQ1UklsYWQ1U3pWQ3V4NU5KU19IT2ZDWDhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRoQMA0G
CSqGSIb3DQEBCwUAA4IBAQDANyLAFFtred1mH6K1EN2K+WXrTn0Lk1qx9GweTYbz
vG1rn3ASf55Mpy37Y5kOzLjHIdN4xg1dmEDp8bI5TrxCs8aMeOHk+uRsp7bmM2XP
iAmP78DTL2yMBocQool3PvWszTmdBC79D378wPlpbBKM/bIq8I08gB7IT5IxMG8M
PbOdgCpJhVRXoJByWCp7XdBXDwWwfemrTIlyV/ejAbptEzlnHfGUM/1trN2XMZl7
TKTqPTYO/Lqp6jCQODNq+xtMC5YBXKJHcR/ZviLXn1X1TGosS6UtpojlZI3Q58YZ
Ef8EqVa/UAY8ZZKv/4WLJSPr0GHB2WNOJr0/iHkcjfCN
-----END CERTIFICATE-----